authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-14 13:17:31 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-14 13:17:31 +0000
commitf66ab8dae2f3d0418759f81a3a64dc9517a62449 (patch)
treefbff2135e7013f196b891bbde54618eb050e4aaf /library/Director/CoreBeta
parentInitial commit. (diff)
downloadicingaweb2-module-director-f66ab8dae2f3d0418759f81a3a64dc9517a62449.tar.xz
icingaweb2-module-director-f66ab8dae2f3d0418759f81a3a64dc9517a62449.zip
Adding upstream version 1.10.2.upstream/1.10.2
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'library/Director/CoreBeta')
-rw-r--r--library/Director/CoreBeta/ApiStream.php57
-rw-r--r--library/Director/CoreBeta/Stream.php17
-rw-r--r--library/Director/CoreBeta/StreamContext.php89
-rw-r--r--library/Director/CoreBeta/StreamContextSslOptions.php52
4 files changed, 215 insertions, 0 deletions
diff --git a/library/Director/CoreBeta/ApiStream.php b/library/Director/CoreBeta/ApiStream.php
new file mode 100644
index 0000000..478fd40
--- /dev/null
+++ b/library/Director/CoreBeta/ApiStream.php
@@ -0,0 +1,57 @@
+<?php
+
+namespace Icinga\Module\Director\CoreBeta;
+
+use Exception;
+
+class ApiClient extends Stream
+{
+ protected $port;
+
+ public static function create($peer, $port = 5665)
+ {
+ $stream = new static();
+ }
+
+ protected function createClientConnection()
+ {
+ $context = $this->createSslContext();
+ if ($context === false) {
+ echo "Unable to set SSL options\n";
+ return false;
+ }
+
+ $conn = stream_socket_client(
+ 'ssl://' . $this->peername . ':' . $this->peerport,
+ $errno,
+ $errstr,
+ 15,
+ STREAM_CLIENT_CONNECT,
+ $context
+ );
+
+ return $conn;
+ }
+
+ protected function createSslContext()
+ {
+ $local = 'ssl://' . $this->local;
+ $context = stream_context_create();
+
+ // Hack, we need key and cert:
+ $certfile = preg_replace('~\..+$~', '', $this->certname) . '.combi';
+
+ $options = array(
+ 'ssl' => array(
+ 'verify_host' => true,
+ 'cafile' => $this->ssldir . '/ca.crt',
+ 'local_cert' => $this->ssldir . '/' . $certfile,
+ 'CN_match' => 'monitor1',
+ )
+ );
+
+ $result = stream_context_set_option($context, $options);
+
+ return $context;
+ }
+}
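Review bot: The `ssl` options array in `createSslContext()` does not reliably turn on certificate verification: `verify_host` is not among the SSL context options PHP documents, `verify_peer` is never set, and `CN_match` is pinned to the literal `'monitor1'` rather than the peer dialled in `createClientConnection()`. On PHP before 5.6, where `verify_peer` defaulted to off, that would leave the connection unauthenticated; on 5.6+ `CN_match` is deprecated in favour of `peer_name`. I would replace those two entries with `'verify_peer' => true,`, `'verify_peer_name' => true,` and `'peer_name' => $this->peername,`. `createSslContext()` should also return false when `stream_context_set_option()` fails, because `$result` is ignored and, as written, the `$context === false` branch in the caller can never fire. The same block is duplicated in `StreamContext::createSslContext()` in StreamContext.php.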
diff --git a/library/Director/CoreBeta/Stream.php b/library/Director/CoreBeta/Stream.php
new file mode 100644
index 0000000..5add9a3
--- /dev/null
+++ b/library/Director/CoreBeta/Stream.php
@@ -0,0 +1,17 @@
+<?php
+
+namespace Icinga\Module\Director\CoreBeta;
+
+abstract class Stream
+{
+ protected $stream;
+
+ protected $buffer = '';
+
+ protected $bufferLength = 0;
+
+ protected function __construct($stream)
+ {
+ $this->stream = $stream;
+ }
+}
diff --git a/library/Director/CoreBeta/StreamContext.php b/library/Director/CoreBeta/StreamContext.php
new file mode 100644
index 0000000..4844b79
--- /dev/null
+++ b/library/Director/CoreBeta/StreamContext.php
@@ -0,0 +1,89 @@
+<?php
+
+namespace Icinga\Module\Director\CoreBeta;
+
+use Icinga\Exception\ProgrammingError;
+
+class StreamContext
+{
+ protected $options = array();
+
+ public function ssl()
+ {
+ if ($this->ssl === null) {
+ $this->ssl = new StreamContextSslOptions();
+ }
+
+ return $this->ssl;
+ }
+
+ public function isSsl()
+ {
+ return $this->ssl !== null;
+ }
+
+ public function setCA(CA $ca)
+ {
+ // $this->options
+ }
+
+ protected function createSslContext()
+ {
+ $local = 'ssl://' . $this->local;
+ $context = stream_context_create();
+
+ // Hack, we need key and cert:
+ $certfile = preg_replace('~\..+$~', '', $this->certname) . '.combi';
+
+ $options = array(
+ 'ssl' => array(
+ 'verify_host' => true,
+ 'cafile' => $this->ssldir . '/ca.crt',
+ 'local_cert' => $this->ssldir . '/' . $certfile,
+ 'CN_match' => 'monitor1',
+ )
+ );
+
+ $result = stream_context_set_option($context, $options);
+
+ return $context;
+ }
+
+ public function setContextOptions($options)
+ {
+ if (array_key_exists('ssl', $options)) {
+ throw new ProgrammingError('Direct access to ssl options is not allowed');
+ }
+ }
+
+ protected function reallySetContextOptions($options)
+ {
+ if ($this->context === null) {
+ $this->options = $options;
+ } else {
+ stream_context_set_option($this->context, $options);
+ }
+ }
+
+ protected function lazyContext()
+ {
+ if ($this->context === null) {
+ $this->context = stream_context_create();
+ $this->setContextOptions($this->getOptions());
+
+ // stream_context_set_option($this->context
+ if ($this->isSsl()) {
+ $this->options['ssl'] = $this->ssl()->getOptions();
+ }
+
+ $result = stream_context_set_option($this->context, $this->options);
+ }
+
+ return $this->context;
+ }
+
+ public function getRawContext()
+ {
+ return $this->lazyContext();
+ }
+}
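Review bot: `lazyContext()` discards the return value of `stream_context_set_option()` (`$result` is never read). If applying `$this->options` fails, including the `ssl` options merged in just above, callers of `getRawContext()` still receive a context and would connect with PHP's defaults. I would fail closed there, e.g. `if (! $result) { throw new ProgrammingError('Unable to apply stream context options'); }`. Separately, `lazyContext()` calls `$this->getOptions()`, which this class does not define anywhere in the hunk. `$ssl` and `$context` are also read without being declared, so `protected $ssl;` and `protected $context;` should sit next to `$options`. `setContextOptions()` only rejects an `ssl` key and never stores the remaining options.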
diff --git a/library/Director/CoreBeta/StreamContextSslOptions.php b/library/Director/CoreBeta/StreamContextSslOptions.php
new file mode 100644
index 0000000..d01d4a5
--- /dev/null
+++ b/library/Director/CoreBeta/StreamContextSslOptions.php
@@ -0,0 +1,52 @@
+<?php
+
+namespace Icinga\Module\Director\CoreBeta;
+
+use Icinga\Exception\ProgrammingError;
+
+class StreamContextSslOptions
+{
+ protected $options = array(
+ 'verify_peer' => true,
+ );
+
+ public function setCA(CA $ca)
+ {
+ $this->ca = $ca;
+ }
+
+ public function capturePeerCert($capture = true)
+ {
+ $this->options['capture_peer_cert'] = (bool) $capture;
+ return $this;
+ }
+
+ public function capturePeerChain($capture = true)
+ {
+ $this->options['capture_peer_chain'] = (bool) $capture;
+ return $this;
+ }
+
+ public function setCiphers($ciphers)
+ {
+ $this->options['ciphers'] = $ciphers;
+ return $this;
+ }
+
+ public function setPeerName($name)
+ {
+ if (version_compare(PHP_VERSION, '5.6.0') >= 0) {
+ $this->options['peer_name'] = $name;
+ $this->options['verify_peer_name'] = true;
+ } else {
+ $this->options['CN_match'] = $name;
+ }
+ return $this;
+ }
+
+ public function getOptions()
+ {
+ // TODO: Fail on missing cert
+ return $this->options;
+ }
+}
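Review bot: The CA passed to `setCA()` is stored in an undeclared `$this->ca` and never reaches `getOptions()`. The `verify_peer => true` default is therefore checked against whatever trust store PHP falls back to, not the CA the caller supplied, and where no default bundle exists verification would presumably just fail. `getOptions()` should translate the stored CA into a `cafile` (or `capath`) entry and, in line with the existing TODO about a missing cert, refuse to return options when none is configured; the imported but unused `ProgrammingError` looks intended for that. Declare the property explicitly with `protected $ca;`. The `CA` type hint resolves to a class in this namespace that is not part of this diff, so how its file path is obtained cannot be confirmed from here.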